Bump the npm_and_yarn group across 2 directories with 45 updates #10

dependabot · 2025-05-19T22:34:06Z

Bumps the npm_and_yarn group with 9 updates in the /api directory:

Package	From	To
async	`2.6.4`	`3.2.6`
body-parser	`1.20.3`	`2.2.0`
express	`4.21.2`	`5.1.0`
jsonwebtoken	`7.4.3`	`9.0.2`
mongodb	`2.2.36`	`6.16.0`
multer	`1.4.4`	`2.0.0`
passport	`0.3.2`	`0.7.0`
remarkable	`1.6.2`	`1.7.2`
serve-static	`1.16.2`	`2.2.0`

Bumps the npm_and_yarn group with 32 updates in the /app directory:

Package	From	To
async	`2.5.0`	`2.6.4`
body-parser	`1.17.2`	`1.20.3`
express	`4.15.3`	`4.20.0`
jsonwebtoken	`7.4.1`	`9.0.2`
passport-jwt	`2.2.1`	`4.0.1`
mongodb	`2.2.30`	`3.1.13`
multer	`1.3.0`	`2.0.0`
passport	`0.3.2`	`0.6.0`
remarkable	`1.6.2`	`1.7.2`
ajv	`4.11.8`	`6.12.6`
request	`2.81.0`	`2.88.2`
fsevents	`1.1.2`	`1.2.13`
bl	`1.2.1`	`1.2.3`
request-json	`0.6.2`	`0.6.5`
decompress	`4.2.0`	`4.2.1`
deep-extend	`0.4.2`	`0.6.0`
rc	`1.2.1`	`1.2.8`
ini	`1.3.4`	`1.3.8`
json-schema	`0.2.3`	`0.4.0`
jsprim	`1.4.0`	`1.4.2`
minimatch	`3.0.4`	`3.1.2`
semver	`5.3.0`	`5.7.2`
tunnel-agent	`0.4.3`	`0.6.0`
caw	`2.0.0`	`2.0.1`
js-yaml	`3.9.0`	`3.14.1`
randomatic	`1.1.7`	`3.1.1`
fill-range	`2.2.3`	`2.2.4`
undefsafe	`0.0.3`	`2.0.5`
nodemon	`1.11.0`	`1.19.4`
underscore.string	`2.4.0`	`removed`
remarkable	`1.7.2`	`1.7.4`
validator	`6.3.0`	`13.15.0`
swagger-jsdoc	`1.9.5`	`6.2.8`

Updates async from 2.6.4 to 3.2.6

Changelog

Sourced from async's changelog.

v3.2.5

Ensure Error objects such as AggregateError are propagated without modification (#1920)

v3.2.4

Fix a bug in priorityQueue where it didn't wait for the result. (#1725)

Fix a bug where unshiftAsync was included in priorityQueue. (#1790)

v3.2.3

Fix bugs in comment parsing in autoInject. (#1767, #1780)

v3.2.2

Fix potential prototype pollution exploit

v3.2.1

Use queueMicrotask if available to the environment (#1761)

Minor perf improvement in priorityQueue (#1727)

More examples in documentation (#1726)

Various doc fixes (#1708, #1712, #1717, #1740, #1739, #1749, #1756)

Improved test coverage (#1754)

v3.2.0

Fix a bug in Safari related to overwriting func.name

Remove built-in browserify configuration (#1653)

Varios doc fixes (#1688, #1703, #1704)

v3.1.1

Allow redefining name property on wrapped functions.

v3.1.0

Added q.pushAsync and q.unshiftAsync, analagous to q.push and q.unshift, except they always do not accept a callback, and reject if processing the task errors. (#1659)

Promises returned from q.push and q.unshift when a callback is not passed now resolve even if an error ocurred. (#1659)

Fixed a parsing bug in autoInject with complicated function bodies (#1663)

Added ES6+ configuration for Browserify bundlers (#1653)

Various doc fixes (#1664, #1658, #1665, #1652)

v3.0.1

Bug fixes

Fixed a regression where arrays passed to queue and cargo would be completely flattened. (#1645)

Clarified Async's browser support (#1643)

v3.0.0

The async/await release!

There are a lot of new features and subtle breaking changes in this major version, but the biggest feature is that most Async methods return a Promise if you omit the callback, meaning you can await them from within an async function.
</tr></table> 

... (truncated)

Commits

85fb18f Version 3.2.6
8c0c941 Update built files
5f756b4 Fix ReDoS (#1980)
39cdc9b build(deps-dev): bump karma from 6.4.3 to 6.4.4 (#1985)
7b8ddeb build(deps-dev): bump @babel/core from 7.24.7 to 7.25.2 (#1981)
4634a9d build(deps-dev): bump rollup from 4.18.0 to 4.19.2 (#1982)
afb176c build(deps-dev): bump chai from 4.4.1 to 4.5.0 (#1983)
3568a74 build(deps-dev): bump @babel/eslint-parser from 7.24.7 to 7.25.1 (#1984)
9e885fd build(deps-dev): bump babel-plugin-istanbul from 6.1.1 to 7.0.0 (#1986)
f9c7f2a build(deps-dev): bump semver from 7.6.2 to 7.6.3 (#1987)
Additional commits viewable in compare view

Updates body-parser from 1.20.3 to 2.2.0

Release notes

Sourced from body-parser's releases.

v2.2.0

What's Changed

test: remove --bail from test script by @Phillip9587 in expressjs/body-parser#583

ci: separate lint step by @Phillip9587 in expressjs/body-parser#582

fix: remove skip of test by @bjohansebas in expressjs/body-parser#589

ci: use lcovonly reporter for the test-ci script by @Phillip9587 in expressjs/body-parser#584

docs: remove security file by @bjohansebas in expressjs/body-parser#590

fix(docs): replace var with let or const in ReadMe by @Binilkks in expressjs/body-parser#581

chore: update test dependencies by @Phillip9587 in expressjs/body-parser#585

dep: upgrade iconv-lite to ^0.6.3 by @aqeelat in expressjs/body-parser#588

Refactor parameterCount to optimize performance by @wojtekmaj in expressjs/body-parser#591

refactor: normalize common options for all parsers by @Phillip9587 in expressjs/body-parser#551

refactor: cleanup parser options by @Phillip9587 in expressjs/body-parser#596

Release 2.2.0 by @UlisesGascon in expressjs/body-parser#597

New Contributors

@Binilkks made their first contribution in expressjs/body-parser#581

@aqeelat made their first contribution in expressjs/body-parser#588

@wojtekmaj made their first contribution in expressjs/body-parser#591

Full Changelog: expressjs/body-parser@v2.1.0...v2.2.0

v2.1.0

What's Changed

fix: update package.json engines field to reflect minimum supported node version by @Phillip9587 in expressjs/body-parser#541

fix: remove brotli support check by @Phillip9587 in expressjs/body-parser#542

fix: remove unpipe package and use native unpipe method by @Phillip9587 in expressjs/body-parser#543

Remove unused devDependency methods by @Phillip9587 in expressjs/body-parser#548

ci: updated github actions ci workflow by @Phillip9587 in expressjs/body-parser#546

Remove devDependency safe-buffer by @Phillip9587 in expressjs/body-parser#547

test: remove AsyncLocalStorage check by @Phillip9587 in expressjs/body-parser#549

perf: use the node require cache instead of custom caching by @Phillip9587 in expressjs/body-parser#562

ci: disable fail-fast in CI workflow by @Phillip9587 in expressjs/body-parser#565

chore(deps): update type-is to v2.0.0 by @Phillip9587 in expressjs/body-parser#571

refactor: prefix built-in node module imports by @Phillip9587 in expressjs/body-parser#573

fix: remove obsolete dependency destroy by @Phillip9587 in expressjs/body-parser#570

cleanup: remove obsolete test env file by @Phillip9587 in expressjs/body-parser#569

Refactor decompression stream creation to remove code duplication by @Phillip9587 in expressjs/body-parser#564

Add caret for body-parser dependencies by @wesleytodd in expressjs/body-parser#577

ci: add CodeQL (SAST) by @bjohansebas in expressjs/body-parser#559

chore(deps): update debug to ^4.4.0 by @Phillip9587 in expressjs/body-parser#579

Release v2.1.0 by @wesleytodd in expressjs/body-parser#578

Full Changelog: expressjs/body-parser@2.0.1...v2.1.0

2.0.2

What's Changed

fix: update package.json engines field to reflect minimum supported node version by @Phillip9587 in expressjs/body-parser#541

fix: remove brotli support check by @Phillip9587 in expressjs/body-parser#542

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.0 / 2025-03-27

refactor: normalize common options for all parsers

deps:

iconv-lite@^0.6.3

2.1.0 / 2025-02-10

deps:

type-is@^2.0.0

debug@^4.4.0

Removed destroy

refactor: prefix built-in node module imports

use the node require cache instead of custom caching

2.0.2 / 2024-10-31

remove unpipe package and use native unpipe() method

2.0.1 / 2024-09-10

Restore expected behavior extended to false

2.0.0 / 2024-09-10

Propagate changes from 1.20.3

add brotli support #406

Breaking Change: Node.js 18 is the minimum supported version

2.0.0-beta.2 / 2023-02-23

This incorporates all changes after 1.19.1 up to 1.20.2.

Remove deprecated bodyParser() combination middleware

deps: [email protected]

Add DEBUG_HIDE_DATE environment variable

Change timer to per-namespace instead of global

Change non-TTY date format

Remove DEBUG_FD environment variable support

Support 256 namespace colors

deps: [email protected]

Add encoding cp720

Add encoding UTF-32

deps: [email protected]

... (truncated)

Commits

0aa4e11 2.2.0 (#597)
4d85c4c refactor: cleanup parser options (#596)
d11899b refactor: normalize common options for all parsers (#551)
f27f2ce perf: refactor parameterCount to optimize performance (#591)
ccad155 dep: upgrade [email protected] (#588)
f75bd25 chore: update test dependencies (#585)
0f12509 fix(docs): replace var with let or const in ReadMe (#581)
5e6dd08 fix(docs): remove security file (#590)
d127b9c ci: use lcovonly reporter for the test-ci script (#584)
d0bf2be fix: remove skip of test (#589)
Additional commits viewable in compare view

Updates express from 4.21.2 to 5.1.0

Release notes

Sourced from express's releases.

v5.1.0

What's Changed

Update captains by @UlisesGascon in expressjs/express#6027

build: Node.js 23.0 by @bjohansebas in expressjs/express#6075

Add funding field (v5) by @bjohansebas in expressjs/express#6064

✅ add discarded middleware test by @ctcpip in expressjs/express#5819

update homepage link http to https by @bjohansebas in expressjs/express#5920

Improve readme by @bjohansebas in expressjs/express#5994

Add bjohansebas as repo captain for expressjs.com by @crandmck in expressjs/express#6058

Remove Object.setPrototypeOf polyfill by @Phillip9587 in expressjs/express#6081

fix(buffer): use node:buffer instead of safe-buffer by @bhavya3024 in expressjs/express#6071

docs: Add DCO by @UlisesGascon in expressjs/express#6048

cleanup: remove promise support check from tests by @Phillip9587 in expressjs/express#6148

Use loop for acceptParams by @blakeembrey in expressjs/express#6066

Improve documentation step in release process by @bjohansebas in expressjs/express#6150

cleanup: remove unnecessary require for global Buffer by @Phillip9587 in expressjs/express#6146

cleanup: remove AsyncLocalStorage check by @Phillip9587 in expressjs/express#6147

update history.md for acceptParams change by @jonchurch in expressjs/express#6177

docs: add @rxmarbles to the triage team by @UlisesGascon in expressjs/express#6151

refactor: improve readability by @sazk07 in expressjs/express#6173

docs: clarify the security process in the triage role by @bjohansebas in expressjs/express#6217

chore: replace methods dependency with standard library by @jonkoops in expressjs/express#6196

Remove utils-merge dependency - use spread syntax instead by @Phillip9587 in expressjs/express#6091

fix(securite): fix vulnerabilities by @Abdel-Monaam-Aouini in expressjs/express#6211

refactor: prefix built-in node module imports by @slagiewka in expressjs/express#6236

fix: remove download size badges by @wesleytodd in expressjs/express#6266

Remove unused depd dependency by @jonkoops in expressjs/express#6197

fix: usage of Invalid action input 'persist-credentials' for actions/setup-node@v4 in ci.yml by @hamirmahal in expressjs/express#6256

Add support for OSSF scorecard reporting by @UlisesGascon in expressjs/express#5431

docs: add @Phillip9587 to the triage team by @bjohansebas in expressjs/express#6276

fix: added a missing semicolon in css styles in examples/auth by @pr4j3sh in expressjs/express#6297

docs: include team email in the security policy by @UlisesGascon in expressjs/express#6278

refactor: simplify normalizeTypes function by @Ayoub-Mabrouk in expressjs/express#6097

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6314

ci: fix npm install --include typo by @Phillip9587 in expressjs/express#6324

ci: updated scorecard actions by @Phillip9587 in expressjs/express#6322

build(deps): use carat notation for dependency versions by @dpopp07 in expressjs/express#6317

chore(deps): update debug to ^4.4.0 by @Phillip9587 in expressjs/express#6313

docs: retroactively note 5.0.0-beta.1 api change in history file by @dpopp07 in expressjs/express#6333

feat(deps): body-parser@^2.1.0 by @wesleytodd in expressjs/express#6332

feat(deps): router@^2.1.0 by @wesleytodd in expressjs/express#6331

Update repo captains by @UlisesGascon in expressjs/express#6234

deps: upgrade nyc by @agungjati in expressjs/express#6122

fix (deps): update deps by @wesleytodd in expressjs/express#6337

response: add support for ETag option in res.sendFile by @juanarbol in expressjs/express#6073

Update multiple links to use https instead of http by @Phillip9587 in expressjs/express#6338

Extend res.links() to allow adding multiple links with the same rel #2729 by @andvea in expressjs/express#4885

docs: update emeritus triagers by @UlisesGascon in expressjs/express#6345

docs: update guidance for triager nominations by @bjohansebas in expressjs/express#6349

docs: clarify guidelines for becoming a committer by @bjohansebas in expressjs/express#6364

... (truncated)

Changelog

Sourced from express's changelog.

5.1.0 / 2025-03-31

Add support for Uint8Array in res.send()

Add support for ETag option in res.sendFile()

Add support for multiple links with the same rel in res.links()

Add funding field to package.json

perf: use loop for acceptParams

refactor: prefix built-in node module imports

deps: remove setprototypeof

deps: remove safe-buffer

deps: remove utils-merge

deps: remove methods

deps: remove depd

deps: debug@^4.4.0

deps: body-parser@^2.2.0

deps: router@^2.2.0

deps: content-type@^1.0.5

deps: finalhandler@^2.1.0

deps: qs@^6.14.0

deps: [email protected]

deps: [email protected]

5.0.1 / 2024-10-08

Update cookie semver lock to address CVE-2024-47764

5.0.0 / 2024-09-10

remove:

path-is-absolute dependency - use path.isAbsolute instead

breaking:

res.status() accepts only integers, and input must be greater than 99 and less than 1000

will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range

will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs

deps: [email protected]

res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.

change:

res.clearCookie will ignore user provided maxAge and expires options

deps: cookie-signature@^1.2.1

deps: [email protected]

deps: merge-descriptors@^2.0.0

deps: serve-static@^2.1.0

deps: [email protected]

deps: accepts@^2.0.0

deps: mime-types@^3.0.0

application/javascript => text/javascript

deps: type-is@^2.0.0

deps: content-disposition@^1.0.0

... (truncated)

Commits

cd7d439 5.1.0
4c4f3ea fix(deps): serve-static@^2.2.0 (#6418)
cb4c56e fix(docs): remove @mertcanaltin from Triagers (#6408)
7b44e1d ci: use full SHAs for github action versions
eb6d125 deps: router@^2.2.0 (#6417)
f1a2dc8 deps: type-is@^2.0.1 (#6420)
6b51e8e deps: body-parser@^2.2.0 (#6419)
1f311c5 build(deps-dev): bump cookie-session from 2.0.0 to 2.1.0 (#6399)
9e97144 feat(deps): [email protected] (#6373)
29d0980 build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#6397)
Additional commits viewable in compare view

Updates jsonwebtoken from 7.4.3 to 9.0.2

Changelog

Sourced from jsonwebtoken's changelog.

9.0.2 - 2023-08-30

security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.

refactor: reduce library size by using lodash specific dependencies, closes #878.

9.0.1 - 2023-07-05

fix(stubs): allow decode method to be stubbed

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

Removed support for Node versions 11 and below.

The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)

RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)

Key types must be valid for the signing / verification algorithm

Security fixes

security: fixes Arbitrary File Write via verify function - CVE-2022-23529

security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540

security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541

security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

8.5.1 - 2019-03-18

Bug fix

fix: ensure correct PS signing and verification (#585) (e5874ae428ffc0465e6bd4e660f89f78b56a74a6), closes #585

Docs

README: fix markdown for algorithms table (84e03ef70f9c44a3aef95a1dc122c8238854f683)

8.5.0 - 2019-02-20

New Functionality

feat: add PS JWA support for applicable node versions (#573) (eefb9d9c6eec54718fa6e41306bda84788df7bec), closes #573

Add complete option in jwt.verify (#522) (8737789dd330cf9e7870f4df97fd52479adbac22), closes #522

Test Improvements

Add tests for private claims in the payload (#555) (5147852896755dc1291825e2e40556f964411fb2), closes #555

Force use_strict during testing (#577) (7b60c127ceade36c33ff33be066e435802001c94), closes #577

Refactor tests related to jti and jwtid (#544) (7eebbc75ab89e01af5dacf2aae90fe05a13a1454), closes #544

ci: remove nsp from tests (#569) (da8f55c3c7b4dd0bfc07a2df228500fdd050242a), closes #569

... (truncated)

Commits

bc28861 Release 9.0.2 (#935)
96b8906 refactor: use specific lodash packages (#933)
ed35062 security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)
84539b2 Updating package version to 9.0.1 (#920)
a99fd4b fix(stubs): allow decode method to be stubbed (#876)
e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
5eaedbf chore(ci): remove github test actions job (#861)
cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by charlesrea, a new releaser for jsonwebtoken since your current version.

Updates mongodb from 2.2.36 to 6.16.0

Release notes

Sourced from mongodb's releases.

v6.16.0

6.16.0 (2025-04-21)

The MongoDB Node.js team is pleased to announce version 6.16.0 of the mongodb package!

Release Notes

distinct commands now support an index hint

The Collection.distinct() method now supports an optional hint, which can be used to tell the server which index to use for the command:
// providing an index description
await collection.distinct('my-key', { 
  hint: { 'my-key': 1 }
});
// providing an index name
await collection.distinct('my-key', {
hint: 'my-key'
});
This requires server 7.1+.

Driver support for servers <=4.0 deprecated

[!WARNING] Node driver support for server 4.0 will be removed in an upcoming minor release. Reference: MongoDB Software Lifecycle Schedules.

Fix processing of multiple messages within one network data chunk

During elections, or other scenarios where the server is pushing multiple topology updates to the driver in a short period of time, a bug in the driver's socket code led to backlog of topology updates that would remain in the buffer until another heartbeat arrived from the server. This could lead to delays in the driver recovering from an election and/or an increase in MongoServerSelectionErrors.

Now, all messages in the current buffer are returned to the driver leading to faster processing times.

Huge thank you to @andreim-brd for sharing a self-contained reproduction that proved to be instrumental in the identification of the underlying issue!

FindCursor.rewind() throws documents?.clear() is not a function errors in certain scenarios

In certain scenarios where limit and batchSize are both set on a FindCursor, an internal driver optimization intended to prevent unnecessary requests to the server when the driver knows the cursor is exhausted would prevent the cursor from being rewound. This issue has been resolved.

Features

NODE-6494: add support for hint on distinct commands (#4487) (40d0e87)

NODE-6515: deprecate driver support for server 4.0 (#4517) (4c1a8a7)

Bug Fixes

... (truncated)

Changelog

Sourced from mongodb's changelog.

6.16.0 (2025-04-21)

Features

NODE-6494: add support for hint on distinct commands (#4487) (40d0e87)

NODE-6515: deprecate driver support for server 4.0 (#4517) (4c1a8a7)

Bug Fixes

NODE-6630: read all messages in buffer when chunk arrives (#4512) (8c86e30)

NODE-6878: documents.clear() throws a TypeError after cursor is rewound (#4488) (a1fffeb)

6.15.0 (2025-03-18)

Features

NODE-6141: allow custom aws sdk config (#4373) (3d047ed)

Bug Fixes

NODE-6845: ensure internal rejections are handled (#4448) (06e941a)

6.14.2 (2025-03-04)

Bug Fixes

NODE-6803: kms proxy socket creates unhandled rejection (#4444) (ed69cf9)

6.14.1 (2025-03-03)

Bug Fixes

NODE-6801: set token on connection from cache (#4438) (cb13746)

6.14.0 (2025-02-28)

Features

NODE-6676: add support for nsType in change stream create events (#4431) (7800067)

NODE-6773: add support for $lookup with automatic encryption (#4427) (965b21a)

Bug Fixes

... (truncated)

Commits

b648a63 chore(main): release 6.16.0 [skip-ci] (#4489)
4c1a8a7 feat(NODE-6515): deprecate driver support for server 4.0 (#4517)
efffb50 chore: use return await syntax in UTR to jump to throwing operation (#4514)
0d7f464 chore: add logging to flaky tests (#4513)
a1fffeb fix(NODE-6878): documents.clear() throws a TypeError after cursor is rewound ...
8c86e30 fix(NODE-6630): read all messages in buffer when chunk arrives (#4512)
f0b8739 test(NODE-6891): add coverage for all test runs (#4508)
c5bed5e test(NODE-6495): add drivers-evergreen-tools a submodule (#4509)
4f03359 test(NODE-6862): unskip flaky csot spec test (#4504)
4ac4f9d test(NODE-6863): unskip flaky csot legacy timeout spec test (#4505)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by dbx-node, a new releaser for mongodb since your current version.

Updates multer from 1.4.4 to 2.0.0

Release notes

Sourced from multer's releases.

v2.0.0

Important

Breaking change: The minimum supported Node version is now 10.16.0

Fix CVE-2025-47935 (GHSA-44fp-w29j-9vj5)

Fix CVE-2025-47944 (GHSA-4pg4-qvpc-4q3h)

What's Changed

🐛 drain stream. fixes regression in node 18, remove old CI, set minimum node version, fix readme badges, add .npmrc

fix: handle two busboy error events

♻️ fully drain stream

🥅 explicitly handle req error

🚨 lint:fix

⬆️ bump mocha

docs: include release 2.0.0 details

Changelog

Sourced from multer's changelog.

2.0.0

Breaking change: The minimum supported Node version is now 10.16.0

Fix CVE-2025-47935 (GHSA-44fp-w29j-9vj5)

Fix CVE-2025-47944 (GHSA-4pg4-qvpc-4q3h)

1.4.5-lts.2

Fix out-of-band error event from busboy (#1177)

1.4.5-lts.1

No changes

1.4.4-lts.1

Bugfix: Bump busboy to fix CVE-2022-24434 (#1097)

Breaking: Require Node.js 6.0.0 or later (#1097)

Commits

2c8505f 🐛 drain stream. fixes regression in node 18, remove old CI, set minimum node ...
bde1822 ci: add ci pipeline to lts branch (#1302)
8ec534f version: 1.4.5-lts.2
502c03d history: 1.4.5-lts.2
4ce82b0 test: add test for out-of-band error event
a4be1d5 Merge pull request #1177 from max-mathieu/fix/unhandled-busboy-error
37241f8 Fix out-of-band error event from busboy
ddb65bd version: 1.4.5-lts.1
bc5be94 history: 1.4.5-lts.1
59c7ef3 version: 1.4.4-lts.1
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for multer since your current version.

Updates passport from 0.3.2 to 0.7.0

Changelog

Sourced from passport's changelog.

[0.7.0] - 2023-11-27

Changed

Set req.authInfo by default when using the assignProperty option to authenticate() middleware. This makes the behavior the same as when not using the option, and can be disabled by setting authInfo option to false.

[0.6.0] - 2022-05-20

Added

authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.

Changed

req#login() and req#logout() regenerate the the session and clear session information by default.

req#logout() is now an asynchronous function and requires a callback function as the last argument.

Security

Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).

[0.5.3] - 2022-05-16

Fixed

initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions again, reverting change from 0.5.1.

[0.5.2] - 2021-12-16

Fixed

Introduced a compatibility layer for strategies that depend directly on [email protected] or earlier (such as passport-azure-ad), which were broken by the ...
Description has been truncated

Bumps the npm_and_yarn group with 9 updates in the /api directory: | Package | From | To | | --- | --- | --- | | [async](https://github.com/caolan/async) | `2.6.4` | `3.2.6` | | [body-parser](https://github.com/expressjs/body-parser) | `1.20.3` | `2.2.0` | | [express](https://github.com/expressjs/express) | `4.21.2` | `5.1.0` | | [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `7.4.3` | `9.0.2` | | [mongodb](https://github.com/mongodb/node-mongodb-native) | `2.2.36` | `6.16.0` | | [multer](https://github.com/expressjs/multer) | `1.4.4` | `2.0.0` | | [passport](https://github.com/jaredhanson/passport) | `0.3.2` | `0.7.0` | | [remarkable](https://github.com/jonschlinkert/remarkable) | `1.6.2` | `1.7.2` | | [serve-static](https://github.com/expressjs/serve-static) | `1.16.2` | `2.2.0` | Bumps the npm_and_yarn group with 32 updates in the /app directory: | Package | From | To | | --- | --- | --- | | [async](https://github.com/caolan/async) | `2.5.0` | `2.6.4` | | [body-parser](https://github.com/expressjs/body-parser) | `1.17.2` | `1.20.3` | | [express](https://github.com/expressjs/express) | `4.15.3` | `4.20.0` | | [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `7.4.1` | `9.0.2` | | [passport-jwt](https://github.com/mikenicholson/passport-jwt) | `2.2.1` | `4.0.1` | | [mongodb](https://github.com/mongodb/node-mongodb-native) | `2.2.30` | `3.1.13` | | [multer](https://github.com/expressjs/multer) | `1.3.0` | `2.0.0` | | [passport](https://github.com/jaredhanson/passport) | `0.3.2` | `0.6.0` | | [remarkable](https://github.com/jonschlinkert/remarkable) | `1.6.2` | `1.7.2` | | [ajv](https://github.com/ajv-validator/ajv) | `4.11.8` | `6.12.6` | | [request](https://github.com/request/request) | `2.81.0` | `2.88.2` | | [fsevents](https://github.com/fsevents/fsevents) | `1.1.2` | `1.2.13` | | [bl](https://github.com/rvagg/bl) | `1.2.1` | `1.2.3` | | [request-json](https://github.com/hackervents/request-json) | `0.6.2` | `0.6.5` | | [decompress](https://github.com/kevva/decompress) | `4.2.0` | `4.2.1` | | [deep-extend](https://github.com/unclechu/node-deep-extend) | `0.4.2` | `0.6.0` | | [rc](https://github.com/dominictarr/rc) | `1.2.1` | `1.2.8` | | [ini](https://github.com/npm/ini) | `1.3.4` | `1.3.8` | | [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` | | [jsprim](https://github.com/joyent/node-jsprim) | `1.4.0` | `1.4.2` | | [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` | | [semver](https://github.com/npm/node-semver) | `5.3.0` | `5.7.2` | | [tunnel-agent](https://github.com/mikeal/tunnel-agent) | `0.4.3` | `0.6.0` | | [caw](https://github.com/kevva/caw) | `2.0.0` | `2.0.1` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.9.0` | `3.14.1` | | [randomatic](https://github.com/jonschlinkert/randomatic) | `1.1.7` | `3.1.1` | | [fill-range](https://github.com/jonschlinkert/fill-range) | `2.2.3` | `2.2.4` | | [undefsafe](https://github.com/remy/undefsafe) | `0.0.3` | `2.0.5` | | [nodemon](https://github.com/remy/nodemon) | `1.11.0` | `1.19.4` | | [underscore.string](https://github.com/epeli/underscore.string) | `2.4.0` | `removed` | | [remarkable](https://github.com/jonschlinkert/remarkable) | `1.7.2` | `1.7.4` | | [validator](https://github.com/validatorjs/validator.js) | `6.3.0` | `13.15.0` | | [swagger-jsdoc](https://github.com/Surnet/swagger-jsdoc) | `1.9.5` | `6.2.8` | Updates `async` from 2.6.4 to 3.2.6 - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md) - [Commits](caolan/async@v2.6.4...v3.2.6) Updates `body-parser` from 1.20.3 to 2.2.0 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.3...v2.2.0) Updates `express` from 4.21.2 to 5.1.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.21.2...v5.1.0) Updates `jsonwebtoken` from 7.4.3 to 9.0.2 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v7.4.3...v9.0.2) Updates `mongodb` from 2.2.36 to 6.16.0 - [Release notes](https://github.com/mongodb/node-mongodb-native/releases) - [Changelog](https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md) - [Commits](mongodb/node-mongodb-native@v2.2.36...v6.16.0) Updates `multer` from 1.4.4 to 2.0.0 - [Release notes](https://github.com/expressjs/multer/releases) - [Changelog](https://github.com/expressjs/multer/blob/v2.0.0/CHANGELOG.md) - [Commits](expressjs/multer@v1.4.4...v2.0.0) Updates `passport` from 0.3.2 to 0.7.0 - [Changelog](https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md) - [Commits](jaredhanson/passport@v0.3.2...v0.7.0) Updates `remarkable` from 1.6.2 to 1.7.2 - [Release notes](https://github.com/jonschlinkert/remarkable/releases) - [Changelog](https://github.com/jonschlinkert/remarkable/blob/master/CHANGELOG.md) - [Commits](jonschlinkert/remarkable@1.6.2...v1.7.2) Updates `serve-static` from 1.16.2 to 2.2.0 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.16.2...v2.2.0) Updates `async` from 2.5.0 to 2.6.4 - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md) - [Commits](caolan/async@v2.6.4...v3.2.6) Updates `body-parser` from 1.17.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.3...v2.2.0) Updates `express` from 4.15.3 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.21.2...v5.1.0) Updates `jsonwebtoken` from 7.4.1 to 9.0.2 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v7.4.3...v9.0.2) Updates `passport-jwt` from 2.2.1 to 4.0.1 - [Commits](mikenicholson/passport-jwt@v2.2.1...v4.0.1) Updates `mongodb` from 2.2.30 to 3.1.13 - [Release notes](https://github.com/mongodb/node-mongodb-native/releases) - [Changelog](https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md) - [Commits](mongodb/node-mongodb-native@v2.2.36...v6.16.0) Updates `multer` from 1.3.0 to 2.0.0 - [Release notes](https://github.com/expressjs/multer/releases) - [Changelog](https://github.com/expressjs/multer/blob/v2.0.0/CHANGELOG.md) - [Commits](expressjs/multer@v1.4.4...v2.0.0) Updates `passport` from 0.3.2 to 0.6.0 - [Changelog](https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md) - [Commits](jaredhanson/passport@v0.3.2...v0.7.0) Updates `remarkable` from 1.6.2 to 1.7.2 - [Release notes](https://github.com/jonschlinkert/remarkable/releases) - [Changelog](https://github.com/jonschlinkert/remarkable/blob/master/CHANGELOG.md) - [Commits](jonschlinkert/remarkable@1.6.2...v1.7.2) Updates `serve-static` from 1.12.3 to 1.16.0 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.16.2...v2.2.0) Updates `ajv` from 4.11.8 to 6.12.6 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@4.11.8...v6.12.6) Updates `request` from 2.81.0 to 2.88.2 - [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md) - [Commits](https://github.com/request/request/commits) Updates `fsevents` from 1.1.2 to 1.2.13 - [Release notes](https://github.com/fsevents/fsevents/releases) - [Commits](fsevents/fsevents@v1.1.2...v1.2.13) Updates `bl` from 1.2.1 to 1.2.3 - [Release notes](https://github.com/rvagg/bl/releases) - [Changelog](https://github.com/rvagg/bl/blob/master/CHANGELOG.md) - [Commits](rvagg/bl@v1.2.1...v1.2.3) Updates `request-json` from 0.6.2 to 0.6.5 - [Commits](https://github.com/hackervents/request-json/commits) Updates `bson` from 1.0.4 to 1.1.6 - [Release notes](https://github.com/mongodb/js-bson/releases) - [Changelog](https://github.com/mongodb/js-bson/blob/v1.1.6/HISTORY.md) - [Commits](mongodb/js-bson@V1.0.4...v1.1.6) Updates `debug` from 2.6.7 to 2.6.9 - [Release notes](https://github.com/debug-js/debug/releases) - [Changelog](https://github.com/debug-js/debug/blob/2.6.9/CHANGELOG.md) - [Commits](debug-js/debug@2.6.7...2.6.9) Updates `decompress` from 4.2.0 to 4.2.1 - [Release notes](https://github.com/kevva/decompress/releases) - [Commits](kevva/decompress@v4.2.0...v4.2.1) Updates `deep-extend` from 0.4.2 to 0.6.0 - [Changelog](https://github.com/unclechu/node-deep-extend/blob/master/CHANGELOG.md) - [Commits](unclechu/node-deep-extend@v0.4.2...v0.6.0) Updates `rc` from 1.2.1 to 1.2.8 - [Commits](https://github.com/dominictarr/rc/commits) Updates `extend` from 3.0.1 to 3.0.2 - [Changelog](https://github.com/justmoon/node-extend/blob/main/CHANGELOG.md) - [Commits](justmoon/node-extend@v3.0.1...v3.0.2) Updates `forwarded` from 0.1.0 to 0.2.0 - [Release notes](https://github.com/jshttp/forwarded/releases) - [Changelog](https://github.com/jshttp/forwarded/blob/master/HISTORY.md) - [Commits](jshttp/forwarded@v0.1.0...v0.2.0) Updates `fresh` from 0.5.0 to 0.5.2 - [Changelog](https://github.com/jshttp/fresh/blob/master/HISTORY.md) - [Commits](jshttp/fresh@v0.5.0...v0.5.2) Updates `fsevents` from 1.1.2 to 1.2.13 - [Release notes](https://github.com/fsevents/fsevents/releases) - [Commits](fsevents/fsevents@v1.1.2...v1.2.13) Updates `ini` from 1.3.4 to 1.3.8 - [Release notes](https://github.com/npm/ini/releases) - [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md) - [Commits](npm/ini@v1.3.4...v1.3.8) Updates `json-schema` from 0.2.3 to 0.4.0 - [Commits](kriszyp/json-schema@v0.2.3...v0.4.0) Updates `jsprim` from 1.4.0 to 1.4.2 - [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md) - [Commits](TritonDataCenter/node-jsprim@v1.4.0...v1.4.2) Updates `minimatch` from 3.0.4 to 3.1.2 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.2) Updates `minimist` from 0.0.8 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v0.0.8...v1.2.8) Updates `qs` from 6.2.3 to 6.5.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.2.3...v6.5.3) Updates `semver` from 5.3.0 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.3.0...v5.7.2) Updates `sshpk` from 1.13.0 to 1.13.1 - [Release notes](https://github.com/joyent/node-sshpk/releases) - [Commits](TritonDataCenter/node-sshpk@v1.13.0...v1.13.1) Updates `tough-cookie` from 2.3.2 to 2.4.3 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v2.3.2...v2.4.3) Updates `tunnel-agent` from 0.4.3 to 0.6.0 - [Commits](request/tunnel-agent@v0.4.3...v0.6.0) Updates `caw` from 2.0.0 to 2.0.1 - [Commits](kevva/caw@v2.0.0...v2.0.1) Updates `js-yaml` from 3.9.0 to 3.14.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.9.0...3.14.1) Updates `mime` from 1.3.4 to 1.6.0 - [Release notes](https://github.com/broofa/mime/releases) - [Changelog](https://github.com/broofa/mime/blob/v1.6.0/CHANGELOG.md) - [Commits](broofa/mime@v1.3.4...v1.6.0) Updates `path-to-regexp` from 0.1.7 to 0.1.10 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.10) Updates `randomatic` from 1.1.7 to 3.1.1 - [Release notes](https://github.com/jonschlinkert/randomatic/releases) - [Commits](jonschlinkert/randomatic@1.1.7...3.1.1) Updates `fill-range` from 2.2.3 to 2.2.4 - [Release notes](https://github.com/jonschlinkert/fill-range/releases) - [Commits](https://github.com/jonschlinkert/fill-range/commits) Updates `send` from 0.15.3 to 0.18.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.15.3...0.18.0) Updates `undefsafe` from 0.0.3 to 2.0.5 - [Release notes](https://github.com/remy/undefsafe/releases) - [Commits](remy/undefsafe@v0.0.3...v2.0.5) Updates `nodemon` from 1.11.0 to 1.19.4 - [Release notes](https://github.com/remy/nodemon/releases) - [Commits](remy/nodemon@v1.11.0...v1.19.4) Removes `underscore.string` Updates `remarkable` from 1.7.2 to 1.7.4 - [Release notes](https://github.com/jonschlinkert/remarkable/releases) - [Changelog](https://github.com/jonschlinkert/remarkable/blob/master/CHANGELOG.md) - [Commits](jonschlinkert/remarkable@1.6.2...v1.7.2) Updates `validator` from 6.3.0 to 13.15.0 - [Release notes](https://github.com/validatorjs/validator.js/releases) - [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md) - [Commits](validatorjs/validator.js@6.3.0...13.15.0) Updates `swagger-jsdoc` from 1.9.5 to 6.2.8 - [Release notes](https://github.com/Surnet/swagger-jsdoc/releases) - [Changelog](https://github.com/Surnet/swagger-jsdoc/blob/master/CHANGELOG.md) - [Commits](https://github.com/Surnet/swagger-jsdoc/commits/v6.2.8) --- updated-dependencies: - dependency-name: async dependency-version: 3.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 2.2.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 5.1.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-version: 9.0.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: mongodb dependency-version: 6.16.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: multer dependency-version: 2.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: passport dependency-version: 0.7.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: remarkable dependency-version: 1.7.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 2.2.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: async dependency-version: 2.6.4 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.20.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-version: 9.0.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: passport-jwt dependency-version: 4.0.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: mongodb dependency-version: 3.1.13 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: multer dependency-version: 2.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: passport dependency-version: 0.6.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: remarkable dependency-version: 1.7.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.12.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: request dependency-version: 2.88.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: fsevents dependency-version: 1.2.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: bl dependency-version: 1.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: request-json dependency-version: 0.6.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: bson dependency-version: 1.1.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: debug dependency-version: 2.6.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decompress dependency-version: 4.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: deep-extend dependency-version: 0.6.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rc dependency-version: 1.2.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: extend dependency-version: 3.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: forwarded dependency-version: 0.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fresh dependency-version: 0.5.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fsevents dependency-version: 1.2.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ini dependency-version: 1.3.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json-schema dependency-version: 0.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jsprim dependency-version: 1.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-version: 1.2.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.5.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 5.7.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sshpk dependency-version: 1.13.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-version: 2.4.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tunnel-agent dependency-version: 0.6.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: caw dependency-version: 2.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.14.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mime dependency-version: 1.6.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: randomatic dependency-version: 3.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fill-range dependency-version: 2.2.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.18.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undefsafe dependency-version: 2.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nodemon dependency-version: 1.19.4 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: underscore.string dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: remarkable dependency-version: 1.7.4 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: validator dependency-version: 13.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: swagger-jsdoc dependency-version: 6.2.8 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 19, 2025

This was referenced May 19, 2025

Bump passport from 0.3.2 to 0.6.0 in /app #1

Closed

Bump jsonwebtoken from 7.4.1 to 9.0.0 in /app #2

Closed

Bump remarkable from 1.6.2 to 1.7.2 in /app #4

Closed

Bump remarkable from 1.6.2 to 1.7.2 in /api #6

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 2 directories with 45 updates #10

Bump the npm_and_yarn group across 2 directories with 45 updates #10

Uh oh!

dependabot bot commented on behalf of github May 19, 2025

Uh oh!

Uh oh!

Bump the npm_and_yarn group across 2 directories with 45 updates #10

Are you sure you want to change the base?

Bump the npm_and_yarn group across 2 directories with 45 updates #10

Uh oh!

Conversation

dependabot bot commented on behalf of github May 19, 2025

v3.2.5

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.1

v3.1.0

v3.0.1

Bug fixes

v3.0.0

v2.2.0

What's Changed

New Contributors

v2.1.0

What's Changed

2.0.2

What's Changed

2.2.0 / 2025-03-27

2.1.0 / 2025-02-10

2.0.2 / 2024-10-31

2.0.1 / 2024-09-10

2.0.0 / 2024-09-10

2.0.0-beta.2 / 2023-02-23

v5.1.0

What's Changed

5.1.0 / 2025-03-31

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

9.0.2 - 2023-08-30

9.0.1 - 2023-07-05

9.0.0 - 2022-12-21

Breaking changes

Security fixes

8.5.1 - 2019-03-18

Bug fix

Docs

8.5.0 - 2019-02-20

New Functionality

Test Improvements

v6.16.0

6.16.0 (2025-04-21)

Release Notes

distinct commands now support an index hint

Driver support for servers <=4.0 deprecated

Fix processing of multiple messages within one network data chunk

FindCursor.rewind() throws documents?.clear() is not a function errors in certain scenarios

Features

Bug Fixes

6.16.0 (2025-04-21)

Features

Bug Fixes

6.15.0 (2025-03-18)

Features

Bug Fixes

6.14.2 (2025-03-04)

Bug Fixes

6.14.1 (2025-03-03)

Bug Fixes

6.14.0 (2025-02-28)

Features

Bug Fixes

v2.0.0

Important

What's Changed

2.0.0

1.4.5-lts.2

1.4.5-lts.1

1.4.4-lts.1

[0.7.0] - 2023-11-27

Changed

[0.6.0] - 2022-05-20

Added

Changed

FindCursor.rewind() throws `documents?.clear() is not a function` errors in certain scenarios